FRAMINGHAM (04/03/2000) - In a show of instructive mischief, a reader not too long ago sent me e-mail that arrived from myself. I'd been spoofed. This fellow (clearly a man with time on his hands and a mission in his heart) intended me no harm. But he wanted to show me how pitifully easy it was to slip into my e-mail system and borrow my online identity.
When the wave of distributed denial-of-service attacks disabled several prominent Web sites last month, I didn't even connect my minor spoofing incident with that widespread, costly havoc. But it was that ability to spoof - to deliberately craft false return addresses - that helped those (still unidentified) crackers hide hundreds of Internet-connected desktops they had turned into unwitting attack dogs. This is the dark side of anonymity on the Net: the ability to skulk around, implant malicious code, then mask the damaged sites with spoofing.
The Internet community has long had the power to stop spoofing, right in its nasty, trackless path. How? Through the relatively simple defensive maneuver of network router filtering. If crackers can't spoof, they can't run and hide. The catch? It'll take a virtual village of businesses, universities and government agencies to use such filtering to make it widely effective.
Last week, the SANS Institute issued an urgent call to action to the Internet community. It posted a free set of guidelines at www.sans.org/dosstep/index.htm that can be used to halt infected IP packets on their way through router gateways. The guidelines were drafted by UUnet and tested extensively by more than 100 member organizations, including Cisco Systems Inc., Mitre Corp. and the major Internet service providers. This week, Mitre plans to release a free software tool that any of us can use to verify that our Net access provider is using router filtering and protecting us from spoofing.
The once-cloistered world of Internet citizens is where we all live now, and most of us want to feel safe in our communities, among neighbors we can trust.
SANS's antispoofing crusade is a very timely cause and a great opportunity for the IT community to lead. So seize the moment. Oh, and be suspicious of any e-mail from me.